[CERT-daily] Daily summary - 10.08.2020
Daily end-of-shift report
team at cert.at
Mon Aug 10 18:13:30 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Friday 07-08-2020 18:00 − Monday 10-08-2020 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ DDoS attacks in Q2 2020 ∗∗∗
---------------------------------------------
The second quarter is normally calmer than the first, but this year is an exception. The long-term downward trend in DDoS-attacks has unfortunately been interrupted, and this time we are witnessing an increase.
---------------------------------------------
https://securelist.com/ddos-attacks-in-q2-2020/98077/
∗∗∗ Scanning Activity Include Netcat Listener, (Sat, Aug 8th) ∗∗∗
---------------------------------------------
This activity started on 5 July 2020 and has been active to this day, scanning only against TCP port 81. The GET command is always the same except for the Netcat IP, which has changed a few times since it started. If you have a webserver or a honeypot listening on TCP 81, this activity might be contained in your logs.
---------------------------------------------
https://isc.sans.edu/diary/rss/26442
∗∗∗ Scoping web application and web service penetration tests, (Mon, Aug 10th) ∗∗∗
---------------------------------------------
Before starting any penetration test, the most important part is to correctly scope it - this will ensure that both the client's expectations are fulfilled and that enough time is allocated to make sure that the penetration test is correctly performed.
---------------------------------------------
https://isc.sans.edu/diary/rss/26448
∗∗∗ Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts ∗∗∗
---------------------------------------------
A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns target senior positions in the United States and Canada.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/water-nue-campaign-targets-c-suites-office-365-accounts/
∗∗∗ DEF CON 28: Introduction to ACARS ∗∗∗
---------------------------------------------
This post is a companion to the DEF CON 28 video available here: https://www.youtube.com/watch?v=NFS6qNAi0B8 What is ACARS? ACARS (Aircraft Communications Addressing and Reporting System, pronounced ‘ay-cars’) [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/introduction-to-acars/
∗∗∗ Small and medium‑sized businesses: Big targets for ransomware attacks ∗∗∗
---------------------------------------------
Why are SMBs a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion?
---------------------------------------------
https://www.welivesecurity.com/2020/08/07/small-medium-sized-businesses-big-targets-ransomware-attacks/
=====================
= Vulnerabilities =
=====================
∗∗∗ Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28 ∗∗∗
---------------------------------------------
Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted application.
---------------------------------------------
https://thehackernews.com/2020/08/zoom-software-vulnerabilities.html
∗∗∗ TeamViewer: Remote maintenance tool had a dangerous vulnerability ∗∗∗
---------------------------------------------
Anyone who has not updated TeamViewer on Windows for a while should do so promptly: a vulnerability allows (or allowed) unauthorized remote access under certain circumstances.
---------------------------------------------
https://heise.de/-4866337
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, java-1.8.0-openjdk, java-11-openjdk, libvncserver, postgresql-jdbc, and thunderbird), Debian (firejail and gupnp), Fedora (cutter-re, postgresql-jdbc, radare2, and webkit2gtk3), openSUSE (chromium, firefox, kernel, and python-rtslib-fb), Oracle (container-tools:ol8, kernel, and nss and nspr), Scientific Linux (thunderbird), and SUSE (firefox, kernel, postgresql10 and postgresql12, python-ipaddress, and xen).
---------------------------------------------
https://lwn.net/Articles/828309/
∗∗∗ Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4541) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-affects-the-report-builder-that-is-shipped-with-jazz-reporting-service-cve-2020-4541/
∗∗∗ Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential information disclosure id 177835 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-check-services-is-affected-by-a-potential-information-disclosure-id-177835/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-july-2020-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/
∗∗∗ Security Bulletin: Security vulnerability affects the Lifecycle Query Engine that is shipped with Jazz Reporting Service (CVE-2020-4533) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-affects-the-lifecycle-query-engine-that-is-shipped-with-jazz-reporting-service-cve-2020-4533/
∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential information disclosure id 177835 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-corporate-payment-services-is-affected-by-a-potential-information-disclosure-id-177835/
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-payment-services-cve-2020-2654/
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Check Services (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-check-services-cve-2019-4732-2/
∗∗∗ Security Bulletin: Security vulnerability affects the Lifecycle Query Engine that is shipped with Jazz Reporting Service (CVE-2020-4539) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-affects-the-lifecycle-query-engine-that-is-shipped-with-jazz-reporting-service-cve-2020-4539/
∗∗∗ Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-version-10-19-0-of-node-js-included-in-ibm-netcool-operations-insight-1-6-0-x-has-several-security-vulnerabilities/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily